METHOD FOR IMPROVING SECURITY OF IOT DEVICES PAIRING
DOI:
https://doi.org/10.20535/2411-2976.22024.13-19Keywords:
security, authentication, Internet of Things, main-in-the-middle attack, Bluetooth Low Energy, JustWorks, RSSIAbstract
Background. The usage of IoT technologies leads to the social, technological and financial development of society. While complex systems play an important role in the IoT, the design, integration and use of simple devices really drive the technology's widespread adoption. At the same time, ensuring a high level of security for simple IoT devices is a difficult task. The reasons for this are device limited computing resources and low power consumption requirements. It prevents the implementation of most modern cryptographic protocols for simple IoT devices. From a security point of view, the most critical communication stage is device pairing, when shared encryption keys are formed to establish a secure communication channel.
Objective. The purpose of the paper is to analyse the main vulnerabilities of a simple IoT device pairing process and develop a method for improving security of this process. The method should provide proximity-based device authentication and pairing process protection against known attacks, such as man-in-the-middle attack.
Methods. The method of pairing process security improvement includes proximity-based device authentication using analysis of the wireless signal strength. The security of the authentication method is proven analytically and by results of practical experiments with measurement of wireless signal strength change with distance and obstacles between devices.
Results. Performed research demonstrated that the proposed method guarantees secure user authentication at a close distance between devices and protection against attacker located at least 10 meters from the paired device. Provided theoretical calculations and experimental results show that the level of attacker's wireless signal power increase required for a successful attack exceeds technical capabilities of existing communication devices.
Conclusions. The article solves an important issue of improving the security of simple device pairing. The proposed method of proximity-based IoT device authentication provides pairing process protection against man-in-the-middle attacks. Mathematical calculations were confirmed by conducting a number of experiments to research wireless signal power change depending on the distance and types of obstacles between devices. The proposed authentication method can be integrated into the existing JustWorks protocol for connecting simple IoT devices using the BLE communication channel.
References
Sachin Kumar, Prayag Tiwari and Mikhail Zymbler, Internet of Things is revolutionary approach for future technology enhancement: a review, Journal of Big Data, 2019, Article 6, Number 111.
S Choudhary, G Meena, Internet of Things: Protocols, Applications and Security Issues, Procedia Computer Science, 2022, Volume 215, pp. 274-288.
IoT Analytics, State of IoT 2023. Retrieved from https://iot-analytics.com/wp/wp-content/uploads/2023/05/Insights-Release-State-of-IoT-2023-Number-of-connected-IoT-devices-growing-16-to-16.0-billion-globally.pdf
Tomorrow Bio, Understanding IoT: How Simple Devices Can Drive Big Changes, 2023. Retrieved from https://www.tomorrow.bio/post/ understanding-iot-how-simple-devices-can-drive-big-changes-2023-06-4732281520-iot
Mohammed Aziz Al Kabir, Wael Elmedany, Mhd Saeed Sharif, Securing IoT Devices Against Emerging Security Threats: Challenges and Mitigation Techniques, Journal of Cyber Security Technology,2023, Volume 7(4), pp. 199-223.
AN1302: Bluetooth Low Energy Application Security Design Considerations in SDK v3.x and Higher, Silicon Laboratories. Retrieved from https://www.silabs.com/documents/public/application-notes/an1302-bluetooth-application-security-design-considerations.pdf
Karim Lounis, Mohammad Zulkernine. Bluetooth Low Energy Makes ”Just Works” Not Work. Cyber Security in Networking Conference, Oct 2019, Quito, Ecuador. Retrieved from https://hal.science/hal-02528877/document
Zhang, Jiansong, Zeyu Wang, Zhice Yang, and Qian Zhang, Proximity based IoT device authentication, 2017-IEEE conference on computer communications, 2017, pp. 1-9.
What Is a Man-in-the-Middle Attack? Definition, Detection, and Prevention Best Practices for 2022, Retrieved from https://www.spiceworks.com/it-security/data-security/articles/man-in-the-middle-attack/
